UnstableSrcUri: check for unstable SRC_URI

Resolves: pkgcore#505 Resolves: pkgcore#510 Signed-off-by: Arthur Zamarin <arthurzam@gentoo.org>
arthurzam · Jul 7, 2023 · 7f1444d · 7f1444d
1 parent 4e9dbc1
commit 7f1444d
Show file tree

Hide file tree

Showing 5 changed files with 51 additions and 2 deletions.
diff --git a/src/pkgcheck/checks/metadata.py b/src/pkgcheck/checks/metadata.py
@@ -1332,6 +1332,24 @@ def desc(self):
         return f"SRC_URI filename {self.filename!r} starts with a dot"
 
 
+class UnstableSrcUri(results.VersionResult, results.Warning):
+    """SRC_URI uses unstable URIs.
+
+    This is usually a mistake, as those URIs are not guaranteed to be unchanged
+    which might cause checksum mismatch.
+    """
+
+    def __init__(self, uris, **kwargs):
+        super().__init__(**kwargs)
+        self.uris = tuple(uris)
+
+    @property
+    def desc(self):
+        s = pluralism(self.uris)
+        uris = " ".join(self.uris)
+        return f"unstable SRC_URI{s}: [ {uris} ]"
+
+
 class SrcUriCheck(Check):
     """SRC_URI related checks.
 
@@ -1351,6 +1369,7 @@ class SrcUriCheck(Check):
             UnknownMirror,
             UnstatedIuse,
             SrcUriFilenameDotPrefix,
+            UnstableSrcUri,
         }
     )
 
@@ -1363,13 +1382,18 @@ def __init__(self, *args, use_addon):
             r"https?://(github\.com/.*?/.*?/archive/.+\.zip|"
             r"gitlab\.com/.*?/.*?/-/archive/.+\.zip)"
         )
+        self.unstable_uris = re.compile(
+            r"^https?://files.pythonhosted.org/packages/(?:[0-9a-fA-F]{2}/){2}|"
+            r"^https?://patch-diff.githubusercontent.com/raw/.*/pull/[0-9]+.(patch|diff)$"
+        )
 
     def feed(self, pkg):
         lacks_uri = set()
         # duplicate entries are possible.
         seen = set()
         bad_filenames = set()
         tarball_available = set()
+        unstable_uris = set()
 
         report_uris = LogMap("pkgcore.log.logger.info", partial(RedundantUriRename, pkg))
         with LogReports(report_uris) as log_reports:
@@ -1395,8 +1419,11 @@ def feed(self, pkg):
                 (m, sub_uri) for m, sub_uri in mirrors if isinstance(m, unknown_mirror)
             ]
             for mirror, sub_uri in unknown_mirrors:
-                uri = f"{mirror}/{sub_uri}"
-                yield UnknownMirror(mirror.mirror_name, uri, pkg=pkg)
+                yield UnknownMirror(mirror.mirror_name, uri=f"{mirror}/{sub_uri}", pkg=pkg)
+
+            for uri in f_inst.uri:
+                if self.unstable_uris.match(uri):
+                    unstable_uris.add(uri)
 
             # Check for unspecific filenames of the form ${PN}.ext, ${PV}.ext,
             # and v${PV}.ext as well as archives named using only the raw git
@@ -1432,6 +1459,8 @@ def feed(self, pkg):
             yield BadFilename(sorted(bad_filenames), pkg=pkg)
         if tarball_available:
             yield TarballAvailable(sorted(tarball_available), pkg=pkg)
+        if unstable_uris:
+            yield UnstableSrcUri(sorted(unstable_uris), pkg=pkg)
 
 
 class BadDescription(results.VersionResult, results.Style):

diff --git a/testdata/data/repos/standalone/SrcUriCheck/UnstableSrcUri/expected.json b/testdata/data/repos/standalone/SrcUriCheck/UnstableSrcUri/expected.json
@@ -0,0 +1,2 @@
+{"__class__": "UnstableSrcUri", "category": "SrcUriCheck", "package": "UnstableSrcUri", "version": "0", "uris": ["https://files.pythonhosted.org/packages/7a/d9/ab5bc3268e21b460639806ccb48a5a95526c6018862f1aa852c69bce8f1d/UnstableSrcUri-0.tar.gz"]}
+{"__class__": "UnstableSrcUri", "category": "SrcUriCheck", "package": "UnstableSrcUri", "version": "1", "uris": ["http://files.pythonhosted.org/packages/5a/a9/ab5bc3268e21b460639806ccb48a5a95526c6018862f1aa852c69bce8f1d/UnstableSrcUri-1.tar.gz", "https://patch-diff.githubusercontent.com/raw/pkgcore/pkgcheck/pull/599.patch"]}
diff --git a/testdata/repos/standalone/SrcUriCheck/UnstableSrcUri/Manifest b/testdata/repos/standalone/SrcUriCheck/UnstableSrcUri/Manifest
@@ -0,0 +1,3 @@
+DIST UnstableSrcUri-0.tar.gz 153310 BLAKE2B a7484cd9bebe912f9c8877c0f09df059130c2dc5c4da8c926f8df7945bcb7b255cdf810ce8cd16a987fb5bca3d1e71c088cd894968641db5dfae1c4c059df836 SHA512 26ff9e1c4b9353b1fbb475c7bb9d2a97bd9db8421ea5190b5a84832930b34cb5b79f8c3da68a5eb8db334f06851ec129cc6611a371e47b7c5de7a615feec5e05
+DIST UnstableSrcUri-1.tar.gz 153312 BLAKE2B 78984cd9bebe912f9c8877c0f09df059130c2dc5c4da8c926f8df7945bcb7b255cdf810ce8cd16a987fb5bca3d1e71c088cd894968641db5dfae1c4c059df836 SHA512 15634e1c4b9353b1fbb475c7bb9d2a97bd9db8421ea5190b5a84832930b34cb5b79f8c3da68a5eb8db334f06851ec129cc6611a371e47b7c5de7a615feec5e05
+DIST 599.patch 100 BLAKE2B 10004cd9bebe912f9c8877c0f09df059130c2dc5c4da8c926f8df7945bcb7b255cdf810ce8cd16a987fb5bca3d1e71c088cd894968641db5dfae1c4c059df836 SHA512 15634eab4b9353b1fbb475c7bb9d2a97bd9db8421ea5190b5a84832930b34cb5b79f8c3da68a5eb8db334f06851ec129cc6611a371e47b7c5de7a615feec5e05
diff --git a/testdata/repos/standalone/SrcUriCheck/UnstableSrcUri/UnstableSrcUri-0.ebuild b/testdata/repos/standalone/SrcUriCheck/UnstableSrcUri/UnstableSrcUri-0.ebuild
@@ -0,0 +1,7 @@
+DESCRIPTION="Ebuild with unstable SRC_URI"
+HOMEPAGE="https://github.com/pkgcore/pkgcheck"
+SRC_URI="
+	https://files.pythonhosted.org/packages/7a/d9/ab5bc3268e21b460639806ccb48a5a95526c6018862f1aa852c69bce8f1d/${P}.tar.gz
+"
+SLOT="0"
+LICENSE="BSD"
diff --git a/testdata/repos/standalone/SrcUriCheck/UnstableSrcUri/UnstableSrcUri-1.ebuild b/testdata/repos/standalone/SrcUriCheck/UnstableSrcUri/UnstableSrcUri-1.ebuild
@@ -0,0 +1,8 @@
+DESCRIPTION="Ebuild with unstable SRC_URI"
+HOMEPAGE="https://github.com/pkgcore/pkgcheck"
+SRC_URI="
+	http://files.pythonhosted.org/packages/5a/a9/ab5bc3268e21b460639806ccb48a5a95526c6018862f1aa852c69bce8f1d/${P}.tar.gz
+	https://patch-diff.githubusercontent.com/raw/pkgcore/pkgcheck/pull/599.patch
+"
+SLOT="0"
+LICENSE="BSD"